Zabbix Low Level Discovery for TCP ports on a host

You can let Zabbix do a portscan of a host and monitor the ports that have been reported as open. I really like that option, it gives you the option to quickly add a host and monitor changes on TCP ports.

You'd need to:

  1. Place a script on the Zabbix server and all Zabbix proxies.
  2. Be sure "nmap" is installed. That's a port scanning tool.
  3. Create a Discovery rule on a template.

Place a script

Place this script in /etc/zabbix/externalscripts/zabbix_tcpport_lld.sh and change owner to the user that is running Zabbix server. (I presume zabbix:zabbix) Also change mode to 750.

#!/bin/sh

echo '{'
echo ' "data":['

nmap -T4 -F ${1} | grep 'open' | while read portproto state protocol ; do
port=$(echo ${portproto} | cut -d/ -f1)
proto=$(echo ${portproto} | cut -d/ -f2)
echo '  { "{#PORT}":"'${port}'", "{#PROTO}":"'${proto}'" },'
done

echo ' ]'
echo '}'

Install NMAP

Depending on your distribution:

RHEL/CentOS/Fedora Debian
sudo yum install nmap sudo apt-get install nmap

Configure a Discovery rule Zabbix

Select a template that you would like to add this discovery rule to. I've greated a "Network" template that does a few pings and has this discover rule.

I've listed the parameters that are required, the rest can be filled in however you like to use Zabbix.

Discovery

  • Name: Open TCP ports
  • Type: External check
  • Key: zabbix_tcpport_lld.sh[{HOST.CONN}]

This makes the variable {#PORT} and {#PROTO} available for use in the items and triggers.

Item Prototypes

  • Name: Status of port {#PORT}/{#PROTO}
  • Type: Simple check
  • Key: net.tcp.service[{#PROTO},,{#PORT}]
  • Type of information: Numeric (unsigned)
  • Data type: Boolean

Trigger Prototypes

  • Name: {#PROTO} port {#PORT}
  • Expression: {Template_network:net.tcp.service[{#PROTO},,{#PORT}].last(0)}=0

Now simply attach a host to this template to let it portscan and monitored the open (TCP) ports found.

Comments

good post.

good post.

The detail of whole topic is

The detail of whole topic is Zabbix Low Level Discovery for TCP ports on a host and i like to know about this topic. I have some question regarding TCP ports which actually related to networking field. Infect, A website http://www.analyzedu.com/ have a lot of networking related articles. I would like to say Thanks for this valuable information.

There are a simple webpage

There are a simple webpage which provides free amazon gift card code generator online without spending a single penny.

Hello friends, if you are

Hello friends, if you are searching for how to get moviestarplanet hack tool then you reached the right homepage where these msp hacks are available.

I think it would be great to

I think it would be great to have this kind of item. This will surely be a useful one. - Barbara Wyer